Fortress 'Cloud' or weak link?

In my previous blog on cloud adoption in Asia Pacific (APAC), I had made the point that there are several key myths causing some business in the region to slow their adoption to the cloud. In this blog I would like to look at what has perhaps proved to be the most intractable of these myths: security.It is human nature that with any relinquishing of control come worry: Ask any parent after they have left their child at nursery school for the first time. The same is true of businesses leaving their sensitive data in the cloud.

Despite the fact cloud technology is now highly secure, some CIOs and IT departments have not been able to shake their worries entirely. According to one research report, for example, 67 % of IT experts in Singapore cite data security as a 'serious' or 'very serious' impediment to cloud computing adoption. There was a similar finding in a Pan-Asia survey, which found 60 % of senior city officials in Asia deem data security to be the biggest barrier to deploying cloud in their cities.

"Modern enterprise-class cloud platforms have the capability to be inherently secure, meaning businesses can enjoy the full agility and cost benefits of cloud computing."

So why are businesses so concerned about security? Our customers have told us it is because of the consequences of a breach. If a company suffers a data breach they are liable for it, regardless of where the breach occurred; they will be responsible for paying any regulatory fines or compensation to their customers and it is their brand that will suffer.

Indeed, industry figures suggest that the total cost of a data breach has risen to $3.79 million, an increase of 23 % over the past two years. For many businesses, it seems easier to keep sensitive data in on-premise databases where they can dictate the security environment. The good news for such businesses is that they can set aside many of the worries they have about the security of the cloud. Modern enterprise-class cloud platforms have the capability to be inherently secure, meaning businesses can enjoy the full agility and cost benefits of cloud computing.

"We are seeing a new generation of cloud solutions emerge that combine the agility of the public cloud with the control of on-premise data centers." However, businesses must do their research to ensure their cloud provider can deliver the levels of security they require. The gold standard is enterprise class cloud solutions which build security right into the silicon through the latest hardware advances and are capable of stopping attacks which in the past have caught businesses off guard (for example the infamous Heart Bleed Bug).

Cloud platforms therefore enable organisations to consolidate existing and new applications on a shared and common architecture secured with robust identity management, access management and data encryption - ideal for a business looking to stay competitive in our fast-moving business environment. When it comes to encryption there is a note of caution to be struck, however. Many cloud providers will retain the encryption keys to their customers' data, meaning that, in theory, if the external perimeter security was breached, those behind it could access and read customer data.

The best services will give customer complete control of the management of their encryption keys, and as a result, external parties will have no way of reading the data that has been compromised. So, my recommendation is: before buying any service businesses should check their providers' policy around encryption keys.

"Cloud platforms enable organizations to consolidate existing and new applications on a shared and common architecture secured with robust identity management, access management and data encryption".

For industries that routinely carry highly-sensitive information or have to comply with stringent data regulations (businesses in the financial sector, for example) even more control may be required. That is why we are seeing a new generation of cloud solutions emerge that combine the agility of the public cloud with the control of on-premise data centers. In this new path for cloud migration, companies will benefit from having a physical on-premise machine within the perimeter of their business, running the full range of cloud software and services. Importantly, such 'cloud in a box' and public cloud services, if delivered by the same vendor, can be built on exactly the same platforms, so businesses can shift workloads between them and have the same security without having to change anything.

Security should no longer be seen as an obstacle to cloud adoption. If anything, cloud security is so good it should be another reason for businesses to buy. In the last blog of this series I will take a look at the final concern around cloud adoption that our APAC customers have flagged: data integrity and the need for a single source of truth.